15 • 16 • 17 NOVEMBER 2021
Industrial Security Conference Copenhagen WWW.ISC-CPH.COM
THESE AND MANY MORE SPEAKERS
Joe Slowik, Threat Researcher, Gigamon
Patrick Miller, CEO, Ampere Industrial Security & board of directors, EnergySec
Lars Erik Smevold, Security Analyst, KraftCERT
Jens Christian Vedersø, OT security lead, Hempel
Marie Moe, Senior Security Consultant Threat intelligence, Mnemonic
James McQuiggan, Security Awareness Advocate, KnowBe4
Industrial Security Conference Copenhagen
Hacking costs companies and consumers trillions every year. Hacking of critical infrastructure such as the energy sector, transport, public sector services, telecommunications and critical manufacturing industries can disrupt necessities such as water, heat, healthcare, and food supply. Cybercrime is growing, cybercriminals are increasingly collaborating, and every day new vulnerabilities are discovered and new types of malware go undetected. The threat landscape is ever changing, and so are the tools necessary to keep networks, IT/OT systems, and people protected from cyber-attacks. It is no longer a question of whether your company will be compromised, but rather when it will be.
Join us in Copenhagen on 15-16-17 November 2021 and experience interesting keynotes, expert presentations, knowledge sharing and networking. Over the course of 3 days, you will be updated on the current threat landscape. You can look forward to hearing renowned experts share their knowledge on securing industrial control systems – such as SCADA, PLC and Distributed Control Systems.
Compose your own conference – choose between 1, 2 or 3 days
Industrial Security Conference Copenhagen is relevant for anyone interested in securing control systems, critical infrastructure, automation and smart grid. The conference gathers ICS/SCADA stakeholders across many different types of critical infrastructures from many countries. The conference is divided into a Danish part on Day 1 and an international conference on Day 2 + 3. You can choose between attending 1, 2 or 3 days depending on your preferences. To get the full outcome, we recommend all 3 days for Danish professionals and Day 2 + 3 for internationals.
Speakers List
Peter Frøkjær, President of ISACA Denmark
Søren Maigaard, Director, EnergiCERT
Malene Hein Nybroe, Head of Unit, Energistyrelsen
Maite Carli García, Communication Manager & European CCI Coordinator, Industrial Cybersecurity Center CCI
Mikael Vingaard, OT Specialist, En Garde Security
Michael Refskou Poulsen, Cyber Security Consultant, RefPo Consulting
Patrick Miller, CEO, Ampere Industrial Security & board of directors, EnergySec
Michael Christensen, Compliance & InfoSec Consultant, inHouse Security
Jens Christian Vedersø, OT Security Lead, Hempel
Sarah Aalborg, Senior IT Security Advisor, DSB
Marie Moe, Senior Security Consultant Threat intelligence, Mnemonic
Philippe Jessen, Chief Advisor in Behavioural Communication and Information Security, Operate
Emil Bisgaard, Expert in Technology & Cybersecurity, Partner, Poul Schmith / Kammeradvokaten
Kenneth Bjerregaard Jørgensen, SAC Teammanager & Threathunter, EnergiCERT
Joe Slowik, Threat Researcher, Gigamon
James McQuiggan, Security Awareness Advocate, KnowBe4
Søren Egede Knudsen, CEO & IT/OT Security expert, Egede Aps
Jens Peter Høgh, Senior Manager Security & Technology, PWC
Vivek Ponnada, Director of ICS Security, ICI Electrical Engineering
Jørgen Hartig, Managing Director, Strategic Advisor and Partner, SecuriOT
Lars Erik Smevold, Head of R&D/ Security Analyst, KraftCERT
Søren Rex Hansen, Senior Key Expert - Cyber Security, Siemens Gamesa
Martin Scheu, Security Engineer, SWITCH-CERT
René Matthiassen, Senior Security Consultant, Timmig Office Backup
Michael Weng, Principal Cyber Security Consultant, NCC Group
PROGRAM MONDAY 15 NOVEMBER 2021
08.30
Collection of name tags and conference material
Light breakfast with coffee/tea
09.00
Opening of the conference by Nina Meyer, Senior Project Manager, Insight Events
09.05
Introduction by chairman Peter Frøkjær, President of ISACA Denmark
09.10
EnergiCERT is the energy sector's joint cybersecurity unit
EnergiCERT has been operational for a year and gives you an insight into the threat landscape they see, and how they collect and process cybersecurity data in the sector.
Søren Maigaard, Director, EnergiCERT
09.50
Short break
10.00
Supplier security
Challenges and possible solutions in light of the recent trend of supply chain attacks.
Malene Hein Nybroe, Head of Unit, Energistyrelsen
10.40
Networking break with refreshments
11.15
NIS2
NIS2 is on its way, with tightened legal requirements for cybersecurity and large fines like those we know from GDPR. The legal requirements will cover, among others, organisations within energy, transport, water supply, wastewater, food, manufacturing and waste management. With NIS2, the EU shows that cybersecurity is a high priority, but also that security must be improved throughout the Union, across sectors and national borders. In this talk we look ahead to the work with NIS2.
Emil Bisgaard, Expert in Technology & Cybersecurity, Partner at Poul Schmith / Kammeradvokaten
11.55
Lunch
12.55
You need to build a SOC – what should you consider, and what are the pitfalls?
Michael Refskou Poulsen, Cyber Security Consultant, RefPo Consulting
13.40
You have got yourself a SOC – now what?
You have now hired some skilled people for your Security Operations Center (SOC) and have emptied the budget on people, equipment and tools. But what happens next? How do you get the organisation to be able to handle the incidents that will inevitably occur? How should an emergency response be organised, given that the SOC cannot carry the task of handling a serious incident alone? That takes the strength and expertise of the entire organisation. The talk gives you inspiration for your own processes and organisational handling.
Michael Christensen, Compliance & InfoSec Consultant, inHouse Security
13.55
Networking break with refreshments
14.20
OT security in depth - oh, if only it just took technology
How do you put together an OT security program that can be accepted and anchored in the local organisation, effectively strengthens security and recognises new risks? Each production facility has its own distinctive technical and organisational issues that call for tailor-made solutions, which can only be implemented if the production organisation takes ownership and gets the necessary resources and competences. Sustainable measures require a thorough analysis, but must not smother the local organisation in Excel sheets and questionnaires that they do not have the competence to fill in. Here is a proposal for a method to succeed in analysing the issues and creating solutions in cooperation with those who use the system.
Jens Christian Vedersø, OT Security Lead, Hempel A/S
15.10
How are things really – is the threat against Danish utility companies fiction or fact?
EnergiCERT operates a steadily growing network of network sensors at its members. The talk will cover what EnergiCERT has seen so far on the outside of the members' networks. What is attacking, what has hit, and what does it mean for protective measures?
Kenneth Bjerregaard Jørgensen, SAC Team Manager & Threathunter, EnergiCERT
15.50
Short break
16.10
Behavioural communication that works!
One size fits no-one. Broad messages about information security do not work. Targeted communication, on the other hand, does. If you take a risk-based approach, you not only increase the chance of gaining management's backing. You also achieve better results. 5 simple steps that ensure you communicate the right messages through channels that your target groups use when you work with information security. Besides increasing the effect, you also improve your chances of getting management's backing – and not least the necessary budgets – to fulfil your ambitions for the company's information security.
Sarah Aalborg, Senior IT Security Advisor, DSB
Philippe Jessen, Chief Advisor in Behavioural Communication and Information Security, Operate
16.25
News from the specialists
• “Zero trust keeps the Operation running”, Christian Søgaard Nielsen, Senior Systems Engineer, Trend Micro
• “Building next generation security monitoring and SOC across Hybrid environments”, Lars Syberg, Nordic Security Lead, Avanade
17.00
Networking reception with refreshments
18.30
Day 1 of the conference ends
PROGRAM TUESDAY 16 NOVEMBER 2021
08.30
Registration and refreshments
Register at the conference reception, receive your nametag and conference material
09.00
Opening of the conference by Nina Meyer, Senior Project Manager, Insight Events
09.05
Chairman Peter Frøkjær, President of ISACA Denmark introduces today’s program
09.10
The State of the Industrial Cybersecurity in Europe
Maite Carli, Communication Manager & European Coordinator, CCI
09.50
Short break
09.55
Top 20 Secure PLC Coding Practices
This project brought together hundreds of OT Professionals and ICS Engineers, resulting in an easy-to-use guideline meant for Engineers to build/utilize native functionality at Purdue Level 1 towards a defensible security posture.
Vivek Ponnada, Director of ICS Security, ICI Electrical Engineering
10.35
Refreshments and networking
11.00
Industrial Technology Trajectory: Running with Scissors
Innovative and disruptive technologies are enhancing and invading our traditional industrial business model. Future infrastructure organizations will need more data to operate efficiently and succeed in the brave new interconnected world. The diversity of new technologies and data will fuel more diversity in business opportunity. Everyone expects more OT, more IOT, and more IT – and all of it is supposed to be highly reliable and secure. These factors (and more) lead to a landscape shift for the industrial cybersecurity risk profile. In this session, hear ways to recognize the problems and gain some clarity on possible solutions through historic lessons, made up words, and practical front-line experience.
Patrick Miller, CEO, Ampere Industrial Security & board of directors, EnergySec
11.40
Lunch and networking
12.30
DevSecOps, say what?
Cyber secure solutions and integrations are not just something you develop, test and then hand over. Hear how Siemens Gamesa Renewable Energy is utilizing best practices from the software community, boosting development, security, and operations, by bridging the gap between IT and OT.
Keywords: DevSecOps, Secure development life cycle, long time support, delivery pipeline, risk assessment, blueprints
Søren Rex Hansen, Senior Key Expert - Cyber Security, Siemens Gamesa
13.10
Short break
13.15
How do you cover and validate security requirements in tenders for your suppliers?
How did the Danish State Railways make sure that cybersecurity was covered in the large-scale sourcing of a new train fleet, in one of the largest sourcing projects in Europe in 2021?
René Matthiassen, Senior Security Consultant, Timmig Office Backup
13.55
Refreshments and networking
14.20
Serious fun with ... several industrial PLCs and zero-days
In the daily grind, it is often hard to find time to get trained in industrial security - budget restrictions, Covid and corporate travel bans are not helping either. This presentation will provide insight into how the new ICS range training environment works - built with real industrial security devices. The ideas behind the range, the scope and gamification, and a sneak peek at some of the labs will be described in the presentation. The environment is online – always ready when the student has time, and there is no need to allocate precious in-house manpower to design, build and maintain the range.
Mikael Vingaard, En Garde security
15.00
Short break
15.10
Cyber security in an offshore OT environment
In the first part of this talk you will be presented with the results of an empirical study of cyber incident response readiness in the Norwegian oil and gas industry. The second part of this talk presents a recent use-case where Mnemonic designed a solution for securing remote access into SAAS and protecting IACS subsystems offshore from cyber threats. Here Mnemonic implemented a system allowing the control room offshore to dynamically grant access and isolate critical subsystems offshore by pressing a “big red button”. The key takeaways from this talk will be an insight into the unique challenges of the petroleum industry when it comes to incident response readiness, including a real-world example of how to design secure remote access with a built-in practical emergency network segmentation solution.
Marie Moe, Senior Security Consultant Threat intelligence, Mnemonic
15.55
Short break
16.10
Network visibility considerations in industrial control system monitoring
Traffic security, primarily through encryption, is frequently considered a desirable feature to prevent attacks, traffic spoofing, or traffic modification. In industrial networks, encryption has typically been looked down on for higher processing overhead and potential latency issues, but otherwise desirable if it can be properly implemented. In this presentation, we will look into questions of network traffic security and industrial control system monitoring to see what asset owners should look for when protecting their environments. This presentation will cover what is known of recent industrial intrusions and incidents, and examine how these relate to network visibility considerations. After reviewing technical details, we will then examine matters in light of other logging and visibility sources (or the lack thereof) to see what the overall industrial security picture looks like. From this exploration, we will arrive at a final discussion of how seemingly insecure traffic flows may actually enhance overall network and facility security posture through their availability for monitoring and analysis.
Joe Slowik, Threat Researcher, Gigamon
17.00
Specialist talks
• Common challenges around a large scale OT cyber security program - Where to start? How to get information? What are the common pain points? What should be the steps? Claroty
• Addressing the Fast Evolving OT Threat Landscape with Unified Visibility, Armis
• Pre-emptive cyber maintenance in IT/OT converged environments, Dominic Storey, Principal OT Security Engineer, Tenable
17.30
Chairman Peter Frøkjær, President of ISACA Denmark rounds up today’s learnings
17.45
Networking reception
18.30
Dinner & Networking (requires separate signup)
PROGRAM WEDNESDAY 17 NOVEMBER 2021
09.00
Chairman Peter Frøkjær, President of ISACA Denmark introduces today’s program
09.10
Network security monitoring inside SCADA / OT networks
SCADA / OT networks are often black spots on the network map, even though organizations rely heavily on them. In this presentation you will learn what is doable with open source network monitoring software. The aim is to get you started with network monitoring, learn how to baseline your network, define what to detect and how to alarm.
Martin Scheu, Security Engineer, SWITCH-CERT
09.50
Short break
10.00
Penetration testing in critical environments
Why should we use penetration testing in our critical environment, and how can it be done? These two questions are often asked and discussed, but also sometimes misunderstood. In this session, Søren Egede Knudsen will present why and how you should use penetration tests in the critical environment, and also how you can use the information from the penetration tests. He will be using some technical examples from the real world.
Søren Egede Knudsen, CEO & IT/OT Security expert
10.40
Refreshments and networking
11.05
Zero Trust in OT/ICS
ICS/OT environments are typically “flat”, originally designed with a reliability mindset and a security posture never intended to secure environments connected to the corporate network or to the Internet. On the other hand, the trend towards digital connectedness is ever intensifying. This, along with the marked shift in the OT threat landscape, has made ICS a prime target for cyberattacks. Implementing “Zero Trust” principles in such industrial control networks is particularly challenging, not least because of the difficulty of testing new paradigms and technologies in an always-on industrial environment. Learn from PwC what the state of the art is in this area, how to overcome the testing barriers, and how to deploy such principles - in combination with improved infrastructure visibility and positive reinforcement for your security policies - to better secure your Operational Technology.
Jens Peter Høgh, Senior Manager Security & Technology, PWC
11.45
Tie the knot on OT/ICS cyber security activities
Vendors, their Sales and Marketing departments and all kinds of experts seem to know what’s best for your company when it comes to improving cyber security. AI, ML, Zero Trust and more are thrown around. But are they right, and are they telling the whole story? This talk will go through some of the ‘behind the scenes’ difficulties we experience when it comes to helping our clients implement and deploy new cyber security activities, to help boost their defense and/or forensics capabilities. It’s not all that easy, it seems …
Michael Weng, Principal Cyber Security Consultant, NCC Group
12.25
Lunch and networking
13.25
Hardware security – Trust in the supply chain and why?
There’s an all-time high focus from attacker groups on industrial control systems, whether it’s SCADA, local control, PLCs or the infrastructure. The hardware and software components that are the core of these systems, our most sensitive and critical infrastructure, are increasingly protected, and the management presents the new and great security solutions. Safe as in the bank or do we still have some uncharted waters? Also in the energy sector, companies are exposed to unwanted ICT incidents, both opportunistic and targeted. Computer attacks on businesses via the digital value chains appear to be on the rise. In this presentation, you will be presented with case studies and some thoughts about how to handle the value in the supply chain.
Lars Erik Smevold, Head of R&D/ Security Analyst, KraftCERT
14.15
Short break
14.25
IEC 62443 Shit! The back door was open, and the lights went out.
Digitization of production systems and utility services is becoming more and more widespread and has many positive effects. In the “old days”, OT infrastructure and business IT were “air-gapped”, but that’s over now. The use of 5G, Edge computing, remote access to critical systems and the use of Cloud services, etc. has opened doors that can also be used by cyber criminals. How should you handle the new “reality”, and how can IEC62443 standards help you close the “door”?
Jørgen E. Hartig, Managing Director & Partner, SecuriOT
15.05
Refreshments and networking
15.30
Why Security Awareness isn’t enough for your users to protect your organization
Cybercriminals continue to successfully trick users into clicking on links, effectively bypassing the firewalls and opening the organization’s proverbial front door for attacks. Discover the art and science behind deception and why users may fall for social engineering tricks even after understanding how they work. From the sleight-of-hand used by magicians to the sleight-of-tongue used for social engineering, we are all wired to deceive and be deceived. See how threat actors use these techniques against your users and how an evolved security awareness training can help them spot deceptions before it’s too late. However, just because they are aware, what makes them care? What does it take to operate and maintain these security awareness programs successfully? Learn how organizations can review their ABCs of security training. Awareness, Behaviors, and Culture can significantly reduce the risk of attack for an organization. This session will explain why users succumb to social engineering attacks, including ways to make your users care and improve your security awareness and training program.
James McQuiggan, Security Awareness Advocate, KnowBe4
16.10
Chairman Peter Frøkjær, President of ISACA Denmark talks about today’s learnings
16.25
The conference ends
Subject to misprints and changes in the program. For further information please contact Senior Project Manager Nina Meyer, Tel: (+45) 3055 3092 or e-mail: nm@insightevents.dk
VENUE & REGISTRATION
DATES & CONFERENCE VENUE
The conference will be held 15, 16 & 17 November 2021 at
Tivoli Hotel & Congress Center
Arni Magnussons Gade 2
1577 Copenhagen V
ACCOMMODATION
Accommodation is not included in the registration fee.
REGISTRATION FEE
| Number of days | Early Bird | Special offer | Normal price |
| Attend 1, 2 or 3 days | Until 1 October 2021 | Until 29 October 2021 | From 30 October 2021 |
| 1 day | DKK 7,995 | DKK 8,995 | DKK 10,495 |
| 2 days | DKK 8,995 | DKK 9,995 | DKK 11,495 |
| 3 days | DKK 10,995 | DKK 11,995 | DKK 12,995 |
An invoice and a confirmation of your registration will be sent upon registration. The price includes catering (coffee/tea, fruit/cake and lunch as well as a network reception). You can also join an optional network dinner on 16 November for DKK 650,-. All fees are exclusive of VAT.
GROUP DISCOUNT
It is possible to register 3+ entries for the conference and get a discount. Contact us for more information.
REGISTRATION
The best and quickest way to register for the conference is to fill in the online registration form on cashandtreasury.dk. We also accept bookings by post, by telephone on (+45) 35 25 35 45 and by e-mail: info@insightevents.dk. Once we have received your registration you will receive an invoice. Your registration is binding.
CANCELLATION
All cancellations must be submitted in writing. If cancelled up to 14 days before the event, a fee of 10% will be withheld. Should cancellation be made less than 14 days prior to the event, 50% will be withheld and, if cancelled later than 2 days before the date of the event, full price will be paid. If you are prevented from participating, you also have the opportunity to transfer your participation to a colleague. All substitutions must be received in writing.
COVID-19: Safe Participation
In Denmark, more than 70% have already been vaccinated against COVID-19. Most of the restrictions have been removed, and we are allowed to conduct conferences as normal. However, you may still present a corona pass (vaccine, negative test maximum 72 hours, or have been tested positive within the last 14 to 180 days) to be able to eat in the restaurants at the venues.
Insight Events ApS, Silkegade 17, st., Postbox 2023, DK-1012 Copenhagen K, Tel: (+45) 35 25 35 45, info@insightevents.dk, www.insightevents.dk, VAT registered No 24 24 03 71
Industrial Security Conference Copenhagen
Join us in Copenhagen on 15-16-17 November 2021 and experience interesting keynotes, expert presentations, knowledge sharing and networking.
Compose your own conference – choose between 1, 2 or 3 days
Experience an international program
The program is composed in cooperation with key players within the industry. You will learn from your international peers who are working with projects such as Honeypots, Penetration testing in critical environments, Information Security Awareness, Red Team/Blue Team playground and much more.
Expand your network
Industrial Security Conference Copenhagen is relevant for anyone interested in securing control systems, critical infrastructure, automation and smart-grid. The conference gathers ICS/SCADA stakeholders across many different types of critical infrastructures from many countries.